Showing results for 
Search instead for 
Did you mean: 

Iframe or Hosted Redirect - invalid or missing token

Hello all,


I'm very happy there's such a great developer's community here!

I'm implementing the CIM solution. I've spent a few days going over the sample code and felt that I understood the big picture. I've been able to send an XML request for a profile ID - successfully - and a subsequent XML request for a token apparently successfully; I get a token that looks similar to this (all this output being echoed in the browser window: 5qUQDuuBL4deq6N7W3DBBuSEsA9oPZOY91S6f76p/wS1EU2v8EPQks8kC78FV1qkML3MuWzMO/Cl6b5Fq4hDlcXkG1hb3JC3lbrRgTdPHBRGZf2GQ6tiAqa8TfPkYvap8voN922BncMgP/++pmqtIeVPA3GV9UDmUCHckEcYnha3ytdzvEhZxskcB6/KKen0


I've got a form named "tokenform" which has a hidden field with the token in it, and targets the iframe name. The iframe opens up and displays a message "Powered by" & "Missing or invalid token."

Here's the section of code I think is having an issue:



<form name="tokenform" target="authnetpopup">
<input type="hidden" name="tokenfield" value=<?php echo htmlspecialchars($token); ?> />

<iframe id="authnetpopup" name="authnetpopup" src=""></iframe>



If someone could point out what must be the obvious, I'd be eternally grateful!


Thanks so much. Looking forward to your assistance!





Accepted Solutions

Now that I'm awake. the problem is that the <form /> is not posting anything, it doesn't have a button, there is no javascript that post the form. So basically, you are just try to open on a iframe which will fail because it not getting any token. Download the sample code and see how it work and change it to work with php.

View solution in original post


I'll point out that I've tried several ways of passing that token variable (all within the php tags)

echo $token








... and I've increased the form field size to 255 to make certain all of the token characters are making it in the form field.


I also have the exact same problem with the redirect code, for which I've copied the sample code in the CIM guide with the exception of using the current token ID instead of the sample.


 <input type="hidden" name="Token" value="..." />
other then that, not sure as I don't work with php.


wouldn't it be easier if you set the type as text until you can get it to work?

Thanks for your quick reply.


Yes, I tried doing that, and that's what prompted me to set the field size to 255 characters because it seemed that the default field length was too short to hold the entire token value. I copied the working solution from and tried that, but also to no avail.


<form method="post" name="tokenform" target="authnetpopup">
<input type="text" name="Token" value="<?php echo $token; ?>" />


<iframe id="authnetpopup" name="authnetpopup" src=""></iframe>


I still get the same message.

I think it is name sensitive, change it to just like the sample

change the form id="formAuthorizeNetPage"

and the iframe to iframeAuthorizeNet

Thanks for the suggestion - I just tried it and still not working.


<form method="post" name="formAuthorizeNetPage" target="iframeAuthorizeNet">
<input type="text" size="255" name="Token" value="<?php echo $token; ?>" />

<iframe id="iframeAuthorizeNet" name="iframeAuthorizeNet" src=""></iframe>



Same error message, and though it shouldn't matter, I've even tried it with multiple browsers.

Here's the rest of the surrounding code:



include_once ("vars.php");
include_once ("util.php");

//echo "create profile...<br><br>";

$email = $_POST["email"];

//build xml to post
$content =
    "<?xml version=\"1.0\" encoding=\"utf-8\"?>" .
    "<createCustomerProfileRequest xmlns=\"AnetApi/xml/v1/schema/AnetApiSchema.xsd\">" .
        "<merchantCustomerId></merchantCustomerId>". // Your own identifier for the customer.
        "<email>" . $email . "</email>".

// echo "Raw request: " . htmlspecialchars($content) . "<br><br>";
$response = send_xml_request($content);
// echo "Raw response: " . htmlspecialchars($response) . "<br><br>";
$parsedresponse = parse_api_response($response);
if ("Ok" == $parsedresponse->messages->resultCode)

  $profileID = htmlspecialchars($parsedresponse->customerProfileId);

  echo "customerProfileID" . $profileID . "\n\n";

  // build XML content to post getHostedProfilePageRequest
  $content =
      "<?xml version=\"1.0\" encoding=\"utf-8\"?>" .
      "<getHostedProfilePageRequest xmlns=\"AnetApi/xml/v1/schema/AnetApiSchema.xsd\">" .
        MerchantAuthenticationBlock() .
        "<customerProfileId>" . $profileID . "</customerProfileId>" .
        "<hostedProfileSettings>" .
// optional settings to change later. This is the action to take when leaving the site.
//          "<setting>" .
//            "<settingName>hostedProfileReturnUrl</settingName>" .
//            "<settingValue></settingValue>" .
//          "</setting>" .
//          "<setting>" .
//            "<setting Name>hostedProfileReturnUrlText</settingName>" .
//            "<settingValue>Continue to somepage</settingValue>" .
//          "</setting>" .
      "</hostedProfileSettings>" .              
  $response = send_xml_request($content);
  $parsedresponse = parse_api_response($response);

    $token = htmlspecialchars($parsedresponse->token);
    echo $token . "\n\n";



<form method="post" name="formAuthorizeNetPage" target="iframeAuthorizeNet">
<input type="text" size="255" name="Token" value="<?php echo $token; ?>" />


<iframe id="iframeAuthorizeNet" name="iframeAuthorizeNet" src=""></iframe>






... and I'm just using the sample index.php page provided with the email form targeting this file. All output is correct until the iframe.

Can you download the sample code and start from there.I don't think the iframe work that way.

Also tried hard-coding it within the PHP tags:




echo '<form method="POST" name="formAuthorizeNetPage" target "iframeAuthorizeNet">
<input type="text" size="255" name="Token" value="'.$token.'"></form>';
echo '<iframe id="iframeAuthorizeNet" name="iframeAuthorizeNet" src=""></iframe>';




but same error message. Capitalized POST as well.